
> I was in minority who thought it was super cool technology.

The technology can be cool while still being a horrific idea because of the implementation and privacy implications.





As long as it's stored and processed locally, I don't really see the implications being that much worse than someone getting all your local IRC/IM/email logs. (Those or their equivalents are stored in the cloud nowadays but disregard that for now for the sake of argument.)

It has been over a decade that big tech has been playing this script:

* Introduce a feature that is abysmal for user privacy

* Promise it's okay because $reasons

* Make the feature opt-out

* Change the EULA so that $reasons are no longer applicable/valid

* Roll out an update that "accidentally" turns the feature back on for everyone

* Apologize, deny, divert, deflect

* Siphon off all that sweet sweet user data

Rinse and repeat. Get away with it every time. People still go "oh I don't see the problem, they said $reasons". This time "it's stored locally". Until it won't.


You are merely objecting to Microsoft being the developer behind Recall. Great, I don't fault you for that. But now consider hypothetically what if the Linux Foundation developed and announced Recall?

The Linux Foundation would introduce this as an optional thing you can download, with documentation on how it works, and where you can find the source. Within 3 days the community would make self-hosted servers for it.

They are not known for siphoning user data through dark patterns, so there is nothing to object from me. If they were to try it the same underhanded way as Microsoft, I'd be just as much against it.


That's exactly what I would think too in this thought experiment. So Recall itself isn't the problem; it's the way Microsoft built it. I am personally still in fact waiting for a reputable organization to build it.

> As long as it's stored and processed locally

If it was any other company than Microsoft, I might have agreed with you that it's fine as long as those things happen.

But if history is any indication of the future, as soon as the tool gets popular, Microsoft will try to claw back whatever data it can about its users, or add Pro features only available to signed up Microsoft users who pay, or something similar.

I think many of us have been burned by these companies doing bait-and-switch so many times, that it's almost impossible to not see the writing on the wall here and even spend five minutes trying it out.

I much rather wait for the inevitable (serious) FOSS clone that will be safer to use instead.


> I much rather wait for the inevitable (serious) FOSS clone that will be safer to use instead.

Yep - though I've no interest in a tool like Recall (I don't really see the point, it doesn't do anything for me I'd want), I do understand that others may feel differently, but even if I did want it, I'd wait for the FOSS version as well.


> As long as it's stored and processed locally

Anything stored locally can be exfiltrated by malware. Run OCR on the archives, check when someone opens their password manager, copy and exfiltrate the password.

Oh and partners, ex-partners and children can also abuse such data. Even if you clear your browsing history, forget about clearing the Recall cache and whoops, they can see your browsing habits post-facto.

Employers and law enforcement agencies are other bad actors to guard against. Even if laws such as GDPR or employee safety regulations prohibit companies from screen recording, there's not much stopping them from using a feature Microsoft tries its hardest to prevent people from opting out of.


The equivalent of screenscraping passwords, API keys, etc.

The privacy implications are really no worse than people who have a web browser cache/history, use a password manager, and have their entire email/message history available for offline perusal on their computer/device.

Just like an attacker can go after the Recall data, they can go after those well known sources of data as well, which are generally not encrypted.

Which is why, for example, the changes Signal made to prevent Recall from working when it was visible were pure virtue signalling. By default, Signal on the PC keeps all messages sent available in a db that any attacker can easily download.

The entire criticism aimed at Recall ignored all the other ways this data is stored on one's PC.



